Telnet

Telnet is used for administrative control of your storage system and uses TCP connections on port 23. Telnet is more secure than RSH, as secure as FTP, and less secure than SSH or Secure Socket Layer (SSL).

Telnet is not secure because:

When users log in to a system, such as your storage system, user names and passwords are transmitted over the network in clear text format.
Clear text format can be read by an attacker by using a packet sniffer program. The attacker can use these user names and passwords to log in to your storage system and execute unauthorized administrative functions, including destruction of data on the system. If the administrators use the same passwords on your storage system as they do on other network devices, the attacker can use these passwords to access those resources as well.

Note: To reduce the potential for attack, establish and enforce policies preventing administrators from using the same passwords on your storage system that they use for access to other network resources.
Telnet server software used on other platforms (typically in UNIX environments) have serious security-related flaws that allow unauthorized users to gain administrative (root) control over the host.

Telnet is also vulnerable to the same type of TCP session attacks as SSH protocol version 1. However, TCP session attacks are less common because a packet sniffing attack is easier.

To disable Telnet, set options telnet.enable to off.

Starting with Data ONTAP 7.3.1, Telnet supports IPv6. However, if you have enabled the IPv6 option when the storage system is in operation (not during setup), then you need to restart the Telnet service. In other words, you need to turn off and then turn on the Telnet service for connecting over IPv6.

Parent topic: IP port usage on a storage system